Split out init to have standalone runc, containerd

Also add ca-certificates to base, needed to use `dist` to pull. Make two stage builds for `containerd` and `runc` so they have a from `scratch` second stage. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-09-16 07:09:57 +00:00 · 2017-04-07 16:25:18 +01:00
parent 9553bbf514
commit a54a694772
17 changed files with 80 additions and 55 deletions
--- a/pkg/ca-certificates/Dockerfile
+++ b/pkg/ca-certificates/Dockerfile
@@ -0,0 +1,7 @@
+FROM debian:testing
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get -yq upgrade && apt-get install -yq ca-certificates
+
+RUN printf "FROM scratch\nCOPY /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/\n" > Dockerfile
+CMD ["tar", "cf", "-", "Dockerfile", "etc/ssl/certs/ca-certificates.crt"]
--- a/pkg/ca-certificates/Makefile
+++ b/pkg/ca-certificates/Makefile
@@ -0,0 +1,31 @@
+.PHONY: tag push
+
+BASE=debian:testing
+IMAGE=ca-certificates
+
+default: push
+
+hash: Dockerfile
+	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build0 -
+	docker run --rm $(IMAGE):build0 | docker build --no-cache -t $(IMAGE):build -
+	docker run --rm -i $(IMAGE):build0 sh -c "cat /etc/ssl/certs/ca-certificates.crt /etc/debian_version | sha1sum - | sed 's/ .*//'" > $@
+	docker rmi $(IMAGE):build0
+
+push: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+		 docker push mobylinux/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -f hash
+
+.DELETE_ON_ERROR: